ConfigServer & Security Firewall (CSF) is getting more popularity for cPanel servers’ security. It prevents your server from DDOS attacks. This article will help you for installing and configure the CSF firewall on cPanel servers.
Step 1 – Install CSF Firewall
First, download the latest source code of the CSF firewall and extract it on your system using the following commands:
wget https://download.configserver.com/csf.tgz tar xfz csf.tgz cd csf
After extracting the latest code from your system. Execute install.sh script to install CSF on your system. The installer will automatically detect for cPanel server and install the required modules for it.
sh install.sh
Step 2 – Configure CSF Firewall
Now edit /etc/csf/csf.conf configuration file and disable TESTING mode by setting the value to “0”.
TESTING = “0”
Let’s restart CSF service:
csf -r
Now you can visit WHM interface Home » Plugins » ConfigServer Security & Firewall to access CSF graphical interface for more configuration options.
Step 3 – Manage CSF with Command Line
We can also manage the CSF firewall using the command line. For example below are some.
To allow an IP. Ip will be added to /etc/csf/csf.allow
csf -a 11.22.33.44 [or] csf --add 11.22.33.44
To deny an IP. Ip will be added to /etc/csf/csf.deny
csf -d 11.22.33.44 [or] csf --deny 11.22.33.44
To search for specific IP, CIDR in iptables rules.
csf -g 11.22.33.44 [or] csf --grep 11.22.33.44
Start the firewall rules:
csf -s [or] csf --start
Flush/Stop firewall rules (Note: lfd may restart csf)
csf -f [or] csf --stop
Restart CSF firewall rules
csf -r [or] csf --restart